Welcome to Geeklog, Anonymous Thursday, March 28 2024 @ 03:53 pm EDT

Geeklog Forums

Security flaw. OMG no!


Status: offline

Mikez

Forum User
Regular Poster
Registered: 06/17/05
Posts: 87
I went to talk to my school about using Geeklog to help run the website.
And they brought up something that just made me think. Wow there right.

Geek log prides it's self on Security. But it don't cover kids. There info becomes public the sec they put it in there profile.
There needs to be a way for members to mark theme self private and for Admins to force it on them if they find out there a kid.
The reason I use geeklog over other programs is because it's just not hard to hack but it keeps peoples info private. Like Emails and stuff.

But as we know from Myspace and things like that. Kids will blurt out anything and then make the sight look bad because we don't have the tools to at least try to stop them.

To me thats a big Security flaw.
There needs to be some way to do that and a way to make it were only the people and groups they want to have access to the profiles.
There needs to be a way a member can change it for them self and a way an Admin can change it and have the admins changes override the members

Maybe make it when you click someone that don't have permission to see someone's profile. They still see like there Icon and user name.
But the rest is marked private or something.

Oh, ya is it just me or is the site going really slow these days???
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by: Mikez

To me thats a big Security flaw.


Well, I guess that's debatable. Geeklog certainly wasn't made with something like MySpace in mind (especially considering that Geeklog is the older of the two).

Having said that, it shouldn't be too hard to extend Geeklog's security model to a user's profile. A quick hack like only giving users of a certain group access to it should only require a few lines of code. Making that configurable by the user is more work, but mostly only for the UI.

Too bad we didn't have enough SoC slots to pick a Social Networking project for Geeklog 1 - that would have fit nicely into such a project.

Someone send patches or feature requests ...

bye, Dirk
 Quote

Status: offline

1000ideen

Forum User
Full Member
Registered: 08/04/03
Posts: 1298
I suppose you are talking about the public "About me" page within the account settings? I don`t understand WHY you need private and public data but I wouldn`t mind if the information box on the left were red instead of yellow. Anything that makes 50% of the users more aware of the fact that public datae is visible to others and also search engines.

But what do we do with the other 50% who think red indicates it`s a safe place and put in their credit card data Confused:

Hm, maybe the censor tool could dig for credit card and phone numbers ? Wouldn`t be a bad idea, honestly.
 Quote

All times are EDT. The time is now 03:53 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content